The first version of the ZD article seemed to imply that Lync was suffering Zero Day attack, but it was later amended to say that in the wild attacks have only been seen, SO FAR, against Microsoft office. These vulnerabilities ‘only’ allows remote code execution but that’s enough to really mess up someone’s day, to say the least.

Microsoft’s disclosure page includes details on workarounds (to mitigate against the attacks) and a ‘Fix It’ link to automate these. I’ve not yet seen hot fixes to resolve the problem, but will be anxiously looking for them and plan to implement them quickly!